Close
Enter your
text here

eDiscoveryDaily

The “Belt and Suspenders” Approach for Effective Communication: eDiscovery Best Practices

Having recently experienced a potential communication issue with a client, I thought it would be a good time to revisit this topic…

To be a good manager, you need to be a good communicator.  Effective communication is a key part of effective project management, whether that communication is internally within the project team or externally with your client.  It is so easy for miscommunications to occur that can derail your project and cause deadlines to be missed, or work product to be incomplete or not meet the client’s expectations.

I like to employ a “belt and suspenders” approach to communication with clients as much as possible, by discussing requirements or issues with the client and then following up with documentation to confirm the understanding.  Sometimes what you thought you heard or what they thought they said may not match, so the documentation is key to making sure you’re on the same page (literally).  :o)

Following up with documentation of the discussion seems obvious and many project managers start out that way – they discuss project requirements and services with a client and then formally document into a contract or other binding agreement.  However, as time progresses, many project managers start to slip in following up to document changes discussed to scope or approach to handling specific exceptions with clients.  It’s the little day to day discussions and decisions that aren’t documented that can often come back to haunt you. The other extreme is where a project manager communicates solely via email and keeps the project team waiting for the client to respond to the latest email – sometimes, you need to pick up the phone and agree on the approach quickly to keep things moving.  Unless there is a critical decision for which documented agreement is required to proceed, discussing and documenting keeps the project moving while ensuring each decision gets documented.

I can think of several instances where this approach helped avoid major issues, especially with the follow-up agreement or email.  If nothing else, it gives you something to point back to if miscommunication occurs.  Recently, we agreed to process some data for a client with our professional services team to follow up to perform specific searches to identify potentially responsive ESI to review and (for the documents classified as responsive and not privileged during review) produce.  We discussed the requirements with the client and I sent an email which documented the proposed approach and the searches we were to perform for the client to approve, which he did.  We then proceeded to process and search the ESI as agreed to in the email.

When we reviewed the search results with the client, it was determined that there was a misunderstanding on one of the searches related to relevant time frame – we understood that emails before a certain date were relevant, but the client said it was the other way around and that emails on or after that date were relevant.  Fortunately, the client was understanding and the rework was minimal, but having that approved email that documented our understanding was good to have – just in case.  We delivered what we promised and our reputation with that client remains strong – in part, thanks to the “belt and suspenders” approach!

So, what do you think?  Have you had miscommunications with clients because of inadequate documentation? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Defendant’s Motion to Overrule Plaintiff’s Objections to Discovery Requests

Despite Parties’ “Significant Animosity”, Court Orders Them to Meet and Confer: eDiscovery Case Law

In Elhannon LLC v. F.A. Bartlett Tree Expert Co., No. 2:14-cv-262 (D. Vermont, Apr. 18, 2017), Vermont District Judge William K. Sessions, III granted in part and denied in part the plaintiff’s renewed motion to compel, denied motions for sanction by each party against the other, and ordered the parties to engage in further meet-and-confer efforts to narrow their differences on the appropriate scope of discovery.

Case Background

In a breach of contract and consumer fraud dispute over pest infestation in the plaintiff’s tree nursery, the parties had numerous disputes over whether the defendant had met its discovery obligations.  In February 2016, the plaintiff filed a motion to compel several categories of documents, including printouts of all screens from the defendant’s Electronic Landscape Manager (“ELM”) program, internal correspondence and emails pertaining to the plaintiff, internal financial and other analysis documents pertaining to the plaintiff, compensation and personnel file materials for the two key defendant employees on the plaintiff’s contracts, and documents from the defendant’s other electronic systems.

In most categories, the defendant’s arguments primarily related to either a contention that all responsive documents had already been produced, the documents requested were either irrelevant or not specific to the plaintiff or were already produced via another electronic system.  As for the internal correspondence and emails, the plaintiff contended that the defendant’s email searches were “haphazard, overly narrow, devoid of proper guidance by counsel, and unreliable to say the least”, noting that several custodians were either not provided with search terms, or the terms were too limited or may have not performed any searches at all.  The defendant did acknowledge that it “recently recovered a number of emails previously not produced due to a gap in the technology used to perform its earlier email searches” and did supplement the production with those.

The plaintiff renewed its motion on the ground that recent deposition testimony demonstrates that Defendant’s prior representations to this Court asserting complete discovery responses were false.  In addition, both parties cross-moved for discovery sanctions, the plaintiff’s request was against the defendant failing to satisfy their discovery obligations and the defendant’s request was against the plaintiff for failing to meet and confer.

Judge’s Ruling

Judge Sessions noted that “the parties’ filings indicate that counsel have approached each other with significant animosity, and that substantial challenges exist to narrowing discovery disputes.”  Taking several of the document categories in consideration, Judge Sessions ordered the defendant to produce additional relevant, responsive data and documents from those sources.

With regard to the email search terms, Judge Sessions stated:

“Given the parties’ failure to engage in a comprehensive meet and confer or to reach agreement on the scope of email search terms, the Court will require the parties to do so now, rather than grant Elhannon’s motion on this ground. If necessary, the parties may request the Court to approve a list of appropriate email search terms after their meet-and-confer.”

Judge Sessions did not find that the plaintiff’s failure to meet and confer prior to filing the instant motion warranted the imposition of sanctions, nor did he find that “either party has provided sufficient reasons to justify sanctions against the other for failing to produce documents.”

So, what do you think?  Should parties face sanctions for failing to meet and confer?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

To Keyword Cull or Not to Keyword Cull? That is the Question: eDiscovery Trends

We’re seeing a lot of discussion about whether to perform keyword searching before predictive coding.  We’ve even seen a recent case where a judge weighed in as to whether TAR with or without keyword searching is preferable.  Now, we have a new article published in the Richmond Journal of Law and Technology that weighs in as well.

In Calling an End to Culling: Predictive Coding and the New Federal Rules of Civil Procedure (PDF version here), Stephanie Serhan, a law student, looks at the 2015 Federal Rules amendments (particularly Rules 1 and 26(b)(1)) as justification for applying predictive coding “at the outset on the entire universe of documents in a case.”  Serhan concludes that doing so is “far more accurate, and is not more costly or time-consuming, especially when the parties collaborate at the outset.”

Serhan discusses the importance of timing to predictive coding and explains the technical difference between predictive coding at the outset of a case vs. predictive coding after performing keyword searches.  One issue of keyword culling that Serhan notes is that it “is not as accurate because the party may lose many relevant documents if the documents do not contain the specified search terms, have typographical errors, or use alternative phraseologies”.  Serhan assumes that those “relevant documents removed by keyword culling would likely have been identified using predictive coding at the outset instead.”

Serhan also takes a look at the impact on efficiency and cost between the two methods and concludes that the “actual cost of predictive coding will likely be substantially equal in both methods since the majority of the costs will be incurred in both methods.”  She also looks at TAR related cases, both before and after the 2015 Rules changes.

More and more people have concluded that predictive coding should be done without keyword culling and with good reason.  Applying predictive coding to a set unaltered by keywords would not only likely be more accurate, but also be more efficient as keyword searching requires its own methodology that includes testing of results (and documents not retrieved) before moving on.  Unless there’s a need to limit the volume of collected data because of cost considerations, there is no need to apply keyword culling before predictive coding.

Culling that does make sense is Hash based deduplication, elimination of clearly non-responsive domains and other activities where clearly redundant or non-responsive ESI can be removed from the collection.  That’s a different type of culling that does make sense.

So, what do you think?  To keyword cull or not to keyword cull?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Are Investment Activities Slowing Down in eDiscovery?: eDiscovery Trends

Before I begin talking about that, this smiling boy above is my kid Carter.  He turns 9 years old today, so I thought I would give him a shout out.  Happy Birthday, Carter!

As I’ve discussed before and revisit from time to time, to get the latest list of mergers, acquisitions and investments in eDiscovery, you can go to Rob Robinson’s Complex Discovery site.  His site keeps a running list of publicly disclosed mergers, acquisitions and investments in the eDiscovery industry and goes all the way back to 2001 – over 15 1/2 years.  That’s even before Kroll merged with – wait for it – Ontrack!  You thought I was going to say “LDiscovery”, didn’t you?  Anyway, it’s a pretty extensive list containing 301 transactions, so it’s quite a comprehensive list.

With so much data to analyze, Rob has published another story discussing activity patterns over the years for eDiscovery mergers, acquisitions, and investments.  Here are some of the interesting findings:

  • There have been at least 300 M&A+I events in the eDiscovery ecosystem since 2001. (n=301)
  • 2012 has been the most active year for M&A+I events since with at least 49 total events.
  • 2017 appears to be off to the slowest start in terms of total M&A+I events since 2010 (January through May).
  • The decrease in total M&A+I between 2012 and 2013 appears to be the most significant yearly drop in terms of events and percentage of events since 2001.
  • May and June have been the most active months for M&A+I events since 2001.
  • April has been the least active month for M&A+I events since 2001.

Rob also provides a year by year total of activities.  So far in 2017, there have only been 8 M&A+I events.  Eight!  We’re on a pace for only 19 or 20 M&A+I events this year.  Compared to 2015 (40) and 2016 (36), that’s roughly half of the pace of the past two years.  Sure, there have been, as always, some notable events, including the acquisition of Altep by Advanced Discovery and the merger of Discovia and Lighthouse.  But, not near as many as recent years.

So, what do you think?  Is this simply a lull or a sign of a trend?  And, if it’s a trend, why?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Defendant’s Motion to Overrule Plaintiff’s Objections to Discovery Requests

Google Again Ordered to Produce Internationally Stored Data: eDiscovery Case Law

In the case In re: Search of Content that is Stored at Premises Controlled by Google, Case No. 16-80263 (N.D. Cali., Apr. 19, 2017), California Magistrate Judge Laurel Beeler, noting that the “SCA regulates disclosure of data in a service provider’s possession” ordered Google to “produce all content responsive to the search warrant that is retrievable from the United States, regardless of the data’s actual location”.

Case Background

A search warrant was issued in June 2016 that authorized production of information from specific Google email accounts regarding subscriber information, evidence of specified crimes, and information about the account holders’ true identities, locations, and assets.   Google did produce data “confirmed to be stored in the United States” including emails, but did not include the attachments for emails because they were not “confirmed” to be stored in the United States.  Google also moved to quash or amend the search warrant, which the government opposed, countering that the SCA authorizes production of data retrievable from the United States.

The court held a hearing in February 2017 and directed (1) the parties to submit a joint stipulation of undisputed facts relevant to the extraterritoriality analysis and (2) Google to provide information about its current ability to identify whether information is stored in the United States, given its representation at the hearing that it was finalizing a tool to identify whether or not content was stored in the United States.  The parties provided additional information in March.

Judge’s Ruling

As in the previous ruling against Google, Judge Beeler reviewed the Second Circuit ruling (Matter of Warrant to Search a Certain E-Mail Account Controlled & Maintained by Microsoft Corp., 829 F.3d 197 (2d Cir. 2016)), where the Second Circuit denied the government’s efforts to compel Microsoft to provide emails in that case.  However, Judge Beeler noted that “the parties stipulate that the only place to access the information is in the United States” and stated that “the conduct relevant to the focus — and what the SCA seeks to regulate — is disclosure of the data in the service provider’s possession…The service provider — Google — is in the district and is subject to the court’s jurisdiction; the warrant is directed to it in the only place where it can access and deliver the information that the government seeks.”

Judge Beeler, in denying Google’s motion to quash the warrant for content that it stores outside the United States and ordering it to produce all content responsive to the search warrant that is retrievable from the United States, regardless of the data’s actual location, concluded that “the disclosure is a domestic application of the SCA”.

So, what do you think?  Should the location of the data or the location of the searches for the data determine whether it is subject to foreign data privacy considerations?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Want to Find Malware in Your Network Sooner? Listen to Your Network: Cybersecurity Best Practices

One of the most telling statistics about cybersecurity and data breaches that we covered during Wednesday’s webcast was from last year’s Verizon Data Breach Incident Report which said that almost 93 percent of breach compromise incidents occur within minutes, with 11 percent of those occurring within seconds. But, less than 25 percent of those breaches are discovered within days.  Maybe your network traffic holds the key to detecting malware sooner.

According to this article in the Georgia Tech News Center by John Toon (with an assist by Sharon Nelson of the Ride the Lightning blog), security administrators could detect malware infections weeks or even months before they’re able to capture a sample of the invading malware by analyzing network traffic going to suspicious domains.  Findings in a new study illustrate the need for new malware-independent detection strategies that will give network defenders the ability to identify network security breaches in a timelier manner.

As the article notes, the strategy would take advantage of the fact that malware invaders need to communicate with their command and control computers, creating network traffic that can be detected and analyzed. Having an earlier warning of developing malware infections could enable quicker responses and potentially reduce the impact of attacks, the study’s researchers say.

In the study, Manos Antonakakis, an assistant professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology, Graduate Research Assistant Chaz Lever and colleagues analyzed more than 5 billion network events from nearly five years of network traffic carried by a major U.S. internet service provider (ISP). They also studied domain name server (DNS) requests made by nearly 27 million malware samples, and examined the timing for the re-registration of expired domains – which often provide the launch sites for malware attacks.

The researchers had hoped that the registration of previously expired domain names might provide a warning of impending attacks, but found there was often a lag of months between when expired domains were re-registered and attacks from them began.  The research required development of a filtering system to separate benign network traffic from malicious traffic in the ISP data.  By studying malware-related network traffic seen by the ISPs prior to detection of the malware, the researchers were able to determine that malware signals were present weeks and even months before new malicious software was found.

The chart above (courtesy of Georgia Tech) shows the time difference between when malware signals were detected in the network traffic of a major ISP and when the malware appeared on black lists.

In all, the researchers found more than 300,000 malware domains that were active for at least two weeks before the corresponding malware samples were identified and analyzed.  The participants hope their study will lead to development of new strategies for defending computer networks.

So, what do you think?  Could this become a breakthrough in defending against malware?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Defendant’s Motion to Overrule Plaintiff’s Objections to Discovery Requests

Texas Supreme Court Denies Request for Mandamus Relief without Prejudice Over Native File Production: eDiscovery Case Law

In the case In Re State Farm Lloyds, Relator, Nos. 15-0903, 15-0905 (Tex. Sup. Ct. May 26, 2017), the Texas Supreme Court, in an opinion delivered by Justice Eva M. Guzman, denied the petitions for writ of mandamus without prejudice, “affording the relator an opportunity to reurge its discovery objections” (regarding the requesting party’s request for a native file production) to the trial court in light of its opinion.

Case Background

In this case which involved a homeowner’s insurance claim after hail storm damage, the parties met repeatedly and unsuccessfully to attempt to negotiate a protocol for the production of ESI, with format of production being among the primary issues as the requesting party (the homeowners) requested native file production from the producing party (State Farm) in this case.  The trial court held an evidentiary hearing on the discovery issues, after which it granted the motion to compel native production of the ESI.  The court of appeals denied mandamus relief (we covered that ruling here), which led to State Farm’s appeal to the Texas Supreme Court.

Court Opinion

In the opinion delivered by Justice Guzman, the Court noted that “Under our discovery rules, neither party may dictate the form of electronic discovery. The requesting party must specify the desired form of production, but all discovery is subject to the proportionality overlay embedded in our discovery rules and inherent in the reasonableness standard to which our electronic-discovery rule is tethered.”

State Farm’s position was that it processes more than 35,000 new claims each day and, in the ordinary course of business, information related to those claims is routinely converted into static format and uploaded to its Enterprise Claims System (ECS), “the system of record” for claims handling at State Farm.  Its expert contended that ESI in “static format is easier to Bates number for discovery; allows efficient management of documents as exhibits at depositions, hearings, and trials; enables redaction, which is not possible with most native forms of ESI; and avoids intentional or unintentional alteration of the information, which may be difficult to detect or propagate further disputes about data integrity”.  The expert claimed that production in native form “would require State Farm to engineer a new process that includes determining upstream sources of the data, validating the upstream sources, determining whether native files of the information still exist, and developing an extraction method for the native versions.”  The expert did not quantify the time or expense involved, but claimed that “[t]hese additional steps would be an extraordinary and burdensome undertaking for State Farm” and are unnecessary because State Farm’s proffered production form is “reasonably usable.”

In asserting that searchable static format is not a “reasonably usable form,” the homeowners supported their proposed electronic discovery protocol with expert testimony that static images have less utility compared to native format, which would allow them to see formulas in Excel spreadsheets, search and sort the information by data fields, analyze the relationship of data, and see information in color that may not translate as accurately to stored or printed static images. Referring to static-form production as “the electronic equivalent of a print out,” the homeowner’s expert explained that useful metadata would not be viewable in static form, including tracked changes and commenting in Word documents; animations, other dynamic information, and speaker notes in static printouts of PowerPoint documents; and threading information in emails that would allow construction of a reasonable timeline related to State Farm’s processing of the homeowners’ claims.  Summarizing the homeowners’ position, the expert explained, “[W]e’re not imposing any additional duties, we’re only asking that they not be allowed to dumb down, to downgrade the data for production.”

The Court’s opinion noted that “Whether production of metadata-accessible forms is required on demand engages the interplay between the discovery limits in Rule 192.4 and production of electronic discovery under Rule 196.4” and also stated that “When a reasonably usable form is readily available in the ordinary course of business, the trial court must assess whether any enhanced burden or expense associated with a requested form is justified when weighed against the proportional needs of the case.” 

The Court also discussed the following seven factors when considering proportionality of the request: 1. Likely benefit of the requested discovery, 2. The needs of the case, 3. The amount in controversy, 4. The parties’ resources, 5. Importance of the issues at stake in the litigation, 6. The importance of the proposed discovery in resolving the litigation and 7. Any other articulable factor bearing on proportionality.  The Court also considered parity with Rule 34 of the Federal Rules of Civil Procedure and noted that “Rule 34’s plain language does not permit either party to unilaterally dictate the form of production for ESI.”

The Court concluded by stating:

“Today, we elucidate the guiding principles informing the exercise of discretion over electronic-discovery disputes, emphasizing that proportionality is the polestar. In doing so, we further a guiding tenet of the Texas Rules of Civil Procedure: that litigants achieve a ‘just, fair, equitable and impartial adjudication . . . with as great expedition and dispatch and at the least expense . . . as may be practicable.’ Because the trial court and the parties lacked the benefit of our views on the matter, neither granting nor denying mandamus relief on the merits is appropriate. Accordingly, we deny the request for mandamus relief without prejudice to allow the relator to seek reconsideration by the trial court in light of this opinion.”

So, what do you think?  Do you agree with State Farm’s arguments that producing native format ESI would be “extraordinary and burdensome” and that its proposed production form is “reasonably usable.”?  Please share any comments you might have or if you’d like to know more about a particular topic.

One footnote (literally): This opinion actually cited one of our blog posts in the footnotes, when discussing the relevance of metadata to the request – this post regarding how metadata played a key role in a $10.8 million whistleblower lawsuit verdict.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Today’s the Day to Learn What You Need to Know About Cybersecurity and Data Privacy in 2017: Cybersecurity Best Practices

As we’ve recently noted (here and here), data breaches are happening within organizations at an alarming rate, and sensitive data is being compromised regularly.  It’s enough to make you wanna cry.  Here’s where you can find out what you can do to protect yourself, your firm and your client from becoming a victim and also what you need to do to keep up with ever-changing requirements for data security, both within the US and internationally.

Today at noon CST (1:00pm EST, 10:00am PST), CloudNine, along with our friends, the cybersecurity experts at Firm Guardian, LLC, will conduct the webcast What Attorneys Need to Know About Cybersecurity and Data Privacy in 2017.  This one-hour webcast will discuss what you need to know today about cybersecurity and data privacy to protect the sensitive data that your organization manages every day.  Examples of topics being discussed include:

  • The State of Cybersecurity in the U.S. in 2017
  • Top Threats Facing Your Practice
  • Your Responsibility to Your Clients: The High Cost of Data Leaks
  • How to Protect Your Firm and Your Clients
  • Recent Developments in International Data Privacy
  • Criteria for Evaluating Providers in Your eDiscovery Projects
  • Ethics Considerations
  • Looking Forward: The Future of Cybersecurity in the Legal Field

I’ll be presenting the webcast, along with Julia Romero Peter, General Counsel and VP of Sales at CloudNine and joining us from Firm Guardian will be Sean Hall, CEO at Firm Guardian and Paul Cobb, the company’s COO.  The Firm Guardian team has over 30 years of combined experience dealing with foreign and domestic cyber-threats against government and military targets.  So, they have a lot of good information to share to help your organization combat those threats!

To register for the webcast, click here.  Don’t be this firm.

So, what do you think?  Do cybersecurity and data privacy concerns keep you up at night?  They did for this lawyer.  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Few States Still Have an Ethics Opinion Regarding Lawyer Cloud Usage: eDiscovery Best Practices

The Legal Technology Resource Center (LTRC) of the American Bar Association’s (ABA) web site has a great resource for those who want more information regarding a variety of technical topics, including the ethics for lawyers in using and storing client data in the cloud.  However, few states so far have published ethics opinions on the topic.

On their site in a page entitled Cloud Ethics Opinions Around the U.S., the ABA provides an interactive map of the states (see the image of it above), with the states that have published ethics opinions shown in blue.  On the actual site, you can either click on the state to scroll down to it or manually scroll down to the state by name alphabetically (more or less, the list has “Nevada” after “New Hampshire”, “New Jersey” and “New York”, just sayin’).  According to the ABA, here are the states that have published ethics opinions (with links to each state’s opinion):

If you counted, that’s 21* total states with opinions – less than half of the total state jurisdictions.  When we covered this three years ago, there were only 14 states at that time, so that’s at least some progress.

If you don’t feel like reading all of the opinions word for word, the ABA site provides two tabs below the interactive map:

  • Quick Reference tab that identifies whether cloud usage for client data is permitted (so far, all of the states listed above say “Yes”), the standard for use (currently all states with opinions enforce a reasonable care standard) and a bullet point list of specific requirements or recommendations;
  • Opinion Summaries tab that provides a brief summary for each of the opinions.

As the site notes, “in most opinions, the specific steps or factors listed are intended as non-binding recommendations or suggestions. Best practices may evolve depending on the sensitivity of the data or changes in the technology.”  Also, the site identifies opinions (Arizona, New Jersey and Washington to date) where the opinions address issues which aren’t directly labeled cloud computing or software as a service, but which share similar technology (e.g.. online backup and file storage).

Hopefully, more states will follow the examples of these 21 states and publish their own opinions soon.

*Thanks to Mark C. Palmer for pointing us to the opinion in Illinois!

So, what do you think? Are you surprised that more states don’t have published cloud ethics opinions?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.